Prolexic mitigates world's largest packet-per-second DDoS attack

According to the DDoS mitigation specialist, the Asian organization that was hit by the attack between November 5/12 saw a peak of 15,000 connections per second - a bandwidth overload that would have floored just about any organization's network resources - unless your company name is Facebook, Infosecurity notes.

Interestingly, Prolexic says this scale of attack may be unusual, but it reflects the current trend towards DDoS attacks of escalating size and complexity.

Paul Sop, CTO with the Florida-based firm, the attack rates seen in the Asian attack would have overwhelmed an automated DDoS mitigation appliance. And, he adds, an ISP or major carrier-based service would also not have been able to successfully mitigate the DDoS IP flood.

The attackers, he explained, used six different attack signatures during the event - including a combination of bandwidth-driven Layer 3 and targeted Layer 7 attacks aimed at the organization's critical application layer.

In total, Sop says that his firm mitigated a total of four separate DDoS attacks over the course of the event, which lasted 7 days and 20 hours.

"This attack was three times larger in packets per second volume than the biggest attack Prolexic has mitigated has mitigated previously, and which also occurred in 2011", he said.

"Frankly, we are not surprised since we have seen an almost four-fold increase in packet volume since Q3 2010. This increase reflects an emerging strategy in which attackers directly target a company's DDoS mitigation appliances, which are commonly vulnerable to such attacks, as they cannot handle such high PPS rates", he added.

Sop went on to say that Prolexic is seeking to stay one step ahead of this trend through additional investments in DDoS mitigation infrastructure in the regions where it has seen the greatest increase of botnet activity and the greatest influx of extremely large attacks.

He warns that this steady escalation in attack size and complexity will be especially threatening to e-commerce businesses during the 2011 holiday season.

Sop also cautions that other industries such as hospitality, gaming, and shipping services, should also be on high alert for DDoS attacks in Q4 2011 as botnet activity continues to ramp up in the Asia Pacific region.

As a result, he advises that having attack prevention measures in place from a DDoS mitigation specialist is the best defense against attacks of escalating size and complexity during the online holiday shopping season and beyond.